Chinese Hackers Take Aim at American Drones
China has its own fairly sophisticated drone program, but that has not prevented the country from being unduly curious about how other countries manage theirs. A sophisticated hacking initiative called Operation Beebus has set its sights on drone programs in both the United States and India, and experts believe that the culprits behind the hacking effort are the notorious Comment Crew — hackers who operate as part of the Chinese military.
The information comes by way of FireEye Labs, a high-profile tech security firm. Since December 2011, hackers have attempted to slip malicious DOC and PDF files into important aerospace, defense and communications machines.
Operation Beebus utilizes the exact same methodology as the Comment Crew: It creates bogus text documents and seeds them with very subtle malware. Later, the Crew can extract sensitive information from a protected system via a backdoor. Although the malware compromises the computers, it does nothing to harm them: Operation Beebus wants information, and likely won't risk damaging its prize.
The backdoor pretends to be software from Google or Microsoft, which renders it hard to detect, especially since it does not harm users' computers in any way. Once in place, the backdoor allows alien IP addresses access to private files.
If the Comment Crew is indeed responsible, it's hard to say what the group's ultimate goal is. The organization has been fairly broad in choosing targets. It has attempted to hack into vital systems in companies that produce drones, as well as academic institutes with military funding that research the devices.
The Comment Crew is also interested in more than just drones. In 2012, it targeted North American and Spanish energy companies to learn about their automation processes. The group has also hacked the New York Times database to learn about sources for a damning exposé on the Chinese prime minister, and tried to shut down Tibetan activist websites. The Comment Crew typically seeks protected information, opting for outright harassment less frequently. [See also: Ten Military Aircraft that Never Made it Past the Test Phase]
Most of the DOC and PDF files are unreadable nonsense, intended only to spread malware. However, one document provides a key misdirection: an analysis of a potential Pakistani drone program, purportedly penned by one Aditi Malhotra. Malhotra is a real person, and an expert not only on drone warfare, but also on the links between the Chinese and Pakistani militaries.
Whether Malhotra actually wrote the document is difficult to say, and it's highly unlikely that she would identify herself so brazenly if she were involved in the attacks. Furthermore, Malhotra is Indian: Indemnifying herself through an attempted hack on her own government would be counterproductive. Although the attacks are veiled in Pakistani garb, FireLabs asserts, responsibility still likely lies with China.
Everyday users don't have much to worry about from Operation Beebus, since it has only targeted major players in the drone industry. Even so, avoiding strange attachments is always sound advice. If you're a member of the DIY drone community, keep an eye out for emails from unfamiliar senders, as well.
Operation Beebus wants some very specific information and likely has nothing good planned for it. Hijacking drones may not be commonplace just yet, but that capability could raise some serious questions about widespread drone use.